Kromtech Security Center has found over 4,000 ElasticSearch server instances hosting files specific to two strains of Point of Sale malware, AlinaPOS and JackPOS. The researchers discovered these exposed ElasticSearch servers last week during routine scans. Intrigued by their initial discovery, the Kromtech team used Shodan to identify more than 15,000 ElasticSearch instances that were left exposed online without any form of authentication.

Somewhere in the range of 400 million PC users running Windows 10 around the world may now be susceptible to a fresh cyber attack approach referred to as Bashware. Cyber security firm Check Point discovered and named the new malware, and explains that Bashware exploits the built-in Linux shell in Windows to allow malware to bypass common antivirus and other security software.

A Russian-speaking hacker has been infecting Netgear routers over the past several months with yet another new strain of malware named RouteX. It is used to turn infected devices into what are called SOCKS proxies, which carry out credential stuffing attacks. This is all according to US cyber-security firm Forkbombus Labs, the firm that uncovered this new threat. The hacker is allegedly exploiting CVE-2016-10176, a vulnerability disclosed last December, to take over Netgear WNR2000 routers.

The United States Department of Energy announced on Tuesday its investments in the research and development of tools and technologies that would make the country’s energy infrastructure more resilient and secure. Over $20 million of that amount has been allocated to projects focusing on cyber security. The funding, awarded to various national laboratories, will be used to support early-stage research and development of next-generation tools and technologies that improve the resilience and security of critical energy infrastructure, including the power grid, and oil and natural gas infrastructure.

China has set up its first “commercial” quantum network in its northern province of Shandong, Chinese state media has reported. This is the country’s latest step in advancing a technology expected to enable the highest security communications. China touts that it is at the forefront of developing quantum technology. In August it said it sent its first “unbreakable” quantum code from an experimental satellite to the Earth. The Pentagon has called the launch of that satellite a year earlier a “notable advance”.

The decision to remove over 500 apps from the Google Play online app store comes after researchers raised spyware concerns. Cyber security firm Lookout has disclosed that it found apps that contain and spread spyware programs. Certain software used in the apps had the ability to covertly siphon people’s personal data from their devices without alerting the app makers, Lookout said.

City of Oceanside officials said Tuesday that the internet payment systems where Oceanside residents can pay their utility bills have possibly been breached. Authorities first learned of the potential issue when several residents alerted the municipal institutions, saying the cards they used to pay utility bills had unauthorized charges on their accounts. At least two victims used the affected cards only to pay their utility bill and for no other purpose. Though Oceanside officials have not confirmed that the utility payment system is necessarily the source of the breach, the reports raised concern and speculation about a vulnerability.

The infamous Fancy Bear, a group of hackers commonly believed to be operating out of Russia, has leaked emails and medical records related to football (or soccer, to us Americans) players who have used illegal substances. Fancy Bears has previously asserted an association with the broader Anonymous hacktivist movement. Its members have constructed a website, fancybears.net, where they leaked numerous files as part of a campaign dubbed “OpOlympics.”

The hackers released a statement in which they comment on their operations: “Today Fancy Bears’ hack team is publishing the material leaked from various sources related to football. Football players and officials unanimously affirm that this kind of sport is free of doping. Our team perceived these numerous claims as a challenge and now we will prove they are lying.”

High profile customers have been targeted by Russia’s ‘Fancy Bear’ malware, now upgraded with the NSA hacking tool EternalBlue that was leaked to the public on the internet. According to FireEye, the attacks are hitting victims through minimally secured hotel WiFi routers. The security firm has also stated that it suspects the group is working with the Russian intelligence agency GRU.

Gartner has recently reported a prediction of nearly 20.4 billion connected IoT devices in just the next three years. That’s a rate of about 5.5 million new ‘Things’ per day! These metrics suggest that standard security practices will be insufficient in the very near future to counter the cyber threats that face IoT devices.

IoT security firm Pwnie Express has found that SMBs are far better equipped to handle and identify threats to their workplace networks than larger businesses. About 41% of IT security pros at large firms did not know what types of attacks had actually occurred on their devices last year, compared to 25% at SMB-based companies.

About 250 hackers at Black Hat 2017 were polled on the processes they use in hacking systems. Thycotic surveyed many of these individuals, finding that 51% identify as ‘white hats,’ 34% as ‘grey hats,’ and 15% as ‘black hats.’ Defenders can use this data to understand better how to safeguard their own systems.

Half a million devices have been infected by a rogue botnet, dubbed Stantinko. ESET researchers warn that affected systems can “execute anything on the infected host.” The malware has powered a huge adware campaign since at least 2012, largely targeting Russia and Ukraine, but remained hidden via code encryption until now.

Fidelis Cybersecurity researchers have identified a new variant of the Emotet Trojan that can distribute malicious programs on internal systems. The recent WannaCry and NotPetya incidents have shown just how efficient and costly these attacks can be once they spread, increasing concern among security researchers about their greater prevalence in the future.

The new Emotet banking Trojan signals increasingly complex attacks on the finance industry. An official blog post subsequently confirmed that a ‘security alert is ongoing related to the discovery, the effects of which are continuing.’

“Three quarters of IT decision makers report that they are ‘confident’ they’re secure”

Healthcare networks are filled with IoT devices, but a study has found that the majority of IT experts say many of these devices are not adequately protected, despite many believing that they are.

A breach of the Kansas Department of Commerce may have given hackers access to millions of social security numbers, putting the department on the hook for credit monitoring services for all victims. The exposure of the SSNs had not previously been reported. The Kansas News Service obtained the information through an open records request.

Suspected at first to be a ransomware attack, Petya, the latest cyberscare in Ukraine, now appears to have been more of a targeted attack. Large firms such as FedEx, Cadbury, Maersk, and more were affected by the malware; however, more indicators point to the attack not being financially motivated but intended solely to destroy device memory.

Industrial control environments face serious infrastructure risk because of a lack of technical security testing. Crest has publicly pressed for an upgrade to the cyber security of ICS environments in response.

A segment of a new bill making its way through the United States Senate would halt any contracting Kaspersky Labs has with the U.S. Department of Defense. FBI agents visited the homes of many of the Russian-based security firm’s employees in the last week, indicating that congressional pressure may force the company out of one of its markets.

One of the most debilitating ransomware attacks in recent memory was almost certainly the work of the North Korea-linked hacking organization ‘Lazarus,’ security group Symantec claims. The suggestion was based on information that the tools and infrastructure of the program are similar to those of previous Lazarus projects.

Russian Interior Ministry authorities announced on Monday that a major cybercriminal gang has been disbanded. This particular group had been responsible for stealing almost $900,000 from banking institutions after infecting over one million Android devices. The group leader is believed to be a 30-year-old in Ivanovo; however, members are spread through at least five regions of Russia.

Samsung has been touting its new iris recognition technology as ‘virtually impossible’ to replicate, advertising it as the new flagship S8 security feature. However, the hacking group Chaos Computer Club (CCC) has a different story to tell about the new phone’s technology. The organization claims that it easily defeated the feature with just a camera, a printer, and a contact lens.

The technology of the future, such as IoT and machine learning devices, promises to increase productivity to points never before imagined. However, it also promises to make security threats even broader than they currently are. As more and more businesses across all fields employ the technology, the vulnerabilities continue to spread with it.

Many usernames and e-mail addresses have been exposed by a data breach. Guardian News and Media (GNM), which has run the dating service since the early 2000s, claims the sensitive security information was exposed by a third party service provider.

As the presidential candidates in the French election entered a press blackout on May 5, Emmanuel Macron’s campaign internet archives were breached. The hackers posted the stolen data on the web, where it was widely distributed via 4Chan and Wikileaks. The ‘forensic metadata’ suggests that the attacks were consistent with Russian contractor breaches. Evidence also exists that the hackers may have falsified or edited many of the documents released.

The United States Federal Communications Commission website nearly came to a halt after famous comedian John Oliver suggested to his viewers that they should flood the website in an attempt to support net neutrality. FCC CIO David Bray claims that the FCC site was subsequently hit with several DDoS attacks at about midnight Eastern Time, causing major disturbances and limited access.

The group associated with the Dridex trojan software has begun using an unpatched Microsoft Word vulnerability that potentially allows it to affect millions of users. The capability for harm was revealed Friday by McAfee antivirus researchers, and security firm FireEye has confirmed more instances of the issue over the past several weeks as well.

The recent arrest of a Russian cybercriminal in Spain has led to the destruction of a large scale botnet. Kelihos, a botnet that is directly responsible for the remote control and ‘enslavement’ of hundreds of thousands of IoT devices, has been used to distribute malware globally in the past. On Monday the U.S. Justice Department released a statement claiming it had taken actions to officially dismantle the project.

GameStop, a popular retailer among the gaming community, allegedly has been compromised with the possibility of customer payment card information stolen. Included are the name, address, and verification numbers of credit cards.

Talos Intelligence, a Cisco research group, has finished a two-week examination of a wireless AP from Moxa, concluding from its tests that the device has many vulnerabilities. Over a dozen were officially verified, including remote exploitation that would effectively give a cybercriminal full access to the operating functions of a device. Moxa has patched all but one of these vulnerabilities, the details of which will be disclosed after it has been dealt with.

BitSight Technologies, a division of Anubis Networks, has announced that one of the largest botnet systems has been armed with several new weapons that would allegedly dwarf any DDoS attack the public has witnessed so far.

Apparently Ruslan Stoyanov, a cybercrime investigator with Kaspersky Labs who was charged with treason by the Russian government, was arrested for passing state secrets to several United States firms, including Verisign.

Remember when Ruslan Stoyanov, a top cybercrime investigator for Kaspersky Lab, was arrested and charged with treason? It is now being reported that the treason charges were for allegedly passing state secrets to Verisign and other US companies.

SHA-1 vulnerabilities that until recently seemed unlikely to be exploited are now demonstrably exposed to cybercriminals. A team of researchers from CWI Amsterdam and Google has succeeded in developing programs that are able to easily pull assets and other data from SHA-1 files.

Ingenico-brand card readers at check-out lanes and other self-serve pay stations are being hit by large numbers of ‘overlay’ incidents. This article shares several photos of the devices recovered from compromised terminals and provides more insight into why the scheme is so successful.

“Hacks affecting senior members of Indian government and political party accounts”

Rahul Gandhi, leader of the Indian Congress Party, was the victim of a Twitter hack in late November, with the hijacker posting obscene and offensive images and phrases on his account. The official Congress Party account, @IncIndia, was also affected in the same way. The cyber criminals responsible expressed an intention to carry out further attacks in the future.

Netgear has publicly disclosed a vulnerability that is exploitable by hackers, leaving affected routers open to being commandeered through remote commands. A researcher using the username ‘Acew0rm’ reported the flaw to Netgear in August, but reportedly never received a reply. The problem comes from malfunctions in the management interface that is intended to block or allow remote commands.

Edit: Beta firmware to fix security issue 582384 related to the router issues has been released. More information is available at https://goo.gl/IJeUIL

A full-scale review of the hacking incidents related to the Democratic Party during the 2016 presidential elections has been initiated by President Obama, events many believe were undertaken by the Russian government to influence the results of the race. A full report, prepared with cooperation from several agencies, is expected to be filed and reviewed by the president before the end of his term.


About

10Fold Communications is a high-tech integrated marketing and public relations agency. We leverage our specialized skills and our well-established media and analyst relations to provide you with far-reaching perspectives, insights and results. We’re dedicated to your success and we have the know-how to make it happen.